What I'm Thinking About

Monthly Archives: July 2005

GeekFun has been getting a bit of traffic from people searching for information on the space shuttle and they’ve picked up since the space shuttle fleet was grounded, again, after the first shuttle launch since the Columbia disaster two years ago.

If the searches are at all representative of public opinion among interested parties, there are a few people who think that, as one searcher put it to Google, “the space shuttle [is a] piece of shit.”

Searching for “that phrase on Google”:http://www.google.com/search?q=space%20shuttle%20%20piece%20of%20shit includes a link to a post I made right after the Columbia disaster questioning “the value of continuing the shuttle program”:http://www.geekfun.com/archives/000089.html. On rereading, its pretty good, and, still pretty timely:

bq. The shuttle is supposed to be reusable, so we put all our space flight money into reusing them, rather than into designing and building truly inexpensive launch vehicles (reusable or not).

bq. The shuttle is supposed to be reusable, so we keep re-using them, even as we should be abandoning them, and people die in vain as a result.

bq. Its a good time to take stock and figure out the future of the space program, rather than plodding along in the past.

In my analysis, I drew heavily from an article on the shuttle program I’d read a few weeks before. If memory serves, it was an online reprint of an article first published 10-20 years earlier, probably in the Atlantic Monthly. Unfortunately, their online archive search doesn’t go back far enough to see for sure. I wish I could give credit where credit is due.

Share this:

While we are on the subject of “SPF”:http://www.geekfun.com/archives/000613.html, I’ll mention a “Thunderbird SPF plugin”:https://addons.mozilla.org/extensions/moreinfo.php?application=thunderbird&category=Message%20Reading&numpg=10&id=345 that I’ve just installed. It’s a bit quirky in that you have to tell it by hand what DNS servers it should use for it to work reliably (otherwise I suspect it forwards reqests to a server running on the author’s server, not something I feel good about).

It’s interesting to see what domains support SPF and which do not.

“Reed College”:http://www.reed.edu has SPF records for their mailservers while the University of Washington appearantly does not.

Others that do: Entercom, Netflix.

The plugin claims that Hotmail and MSN don’t support SPF verification, even though, to my untrained eye, their nameservers seem to report an appropriate SPF record.

E-mail sent through mailing lists, and forwarded from other personal accounts also fails because of the extra mailserver hop.

Share this:

SPF, which stands for Sender Policy Framework, is one tool in the fight against e-mail spam and phishing (forged mail that attempt to trick people into turning over valuable information, like bank account numbers and passwords). It helps establish that email that is appearantly from a particular domain was sent via a server approved to send mail from that domain.

This helps with phishing e-mails by helping to establish whether a piece of e-mail appearantly sent by your bank (or PayPal, or eBay, etc) was actually sent via an approved server.

It helps fight spam in a few ways. First of all, a lot of spam, including phishing email, is sent using forged addresses. SPF helps email spam-filters identify mail with forged senders, which may be a hint that a given peice of email might be spam.

Similarly, the absense of any sort of approved sending mailserver for a given domain is a hint that a given email might be spam. Spammers can create SPF records for the mailservers they use, but that means they have to send mail using domain names they control, which makes it easier to track down the people responsible for illegal spam and pursue them in the civil and criminal courts.

The presence of a legitimate SPF record for a given e-mail doesn’t necessarily mean the message is legitimate and the absense of one doesn’t mean its spam, but both provide additional information to help determine whether a given message is legitimate or bogus.

There are lots of competing approaches to sender verification, and the big ISPs are still fighting with eachother for supremacy. All I know is that Google has started to use SPF records in the spam filters for Gmail while AOL and Hotmail are validating their mailservers with SPF.

I’ve done the same for Geekfun.com. My “DNS host”:http://www.pairnic.com advertises support for SPF records with their custom DNS. This is true, happily, though they don’t give any explanation on how to create one. Fortunately, I found this handy “SPF record creation wizard”:http://spf.pobox.com/wizard.html to help walk me through the process.

Share this:

I’m helping “my friend Jeff”:http://jeffjlin.typepad.com/ with some of the preparations for the release of the release of the next “Harvey Danger album”:http://harveydanger.com. The current site runs on a shared hosting account with “a reputable provider”:http://www.pair.com, but the band will need a big upgrade to help with a promotional strategy that calls for the distribution of some big (50MB+) media files. This is where I come in.

To make a long story short, thanks to Moore’s law and Ebbert’s fraud, servers and bandwidth are pretty cheap these days. Even so, it makes sense to make the most of what you have. In this regard, “lighttpd”:http://www.lighttpd.net/ looks like it might be a better bet than Apache for dealing with serving up big files that take a while to download.Continue reading →

bq. A year after breaking box-office records with “The Passion of the Christ,” which was shot in Aramaic, Latin and Hebrew, Gibson has struck a deal with the Walt Disney Co. to release his next picture in a Mayan dialect.